R U being watched?-wifi a honeytrap

Other than by MAC address and hostname what are the other definitive ways to identify the specific computer that is being used to connect to a public AP? Or, to identify it's precise location so as to either block connections from that location, or create a user profile from a specific machine? Most already know how to change a Mac address, but other things are not so changeable.

Reply to
MikeS
Loading thread data ...

If you've got multiple access points you could see which one it was associated with. If not, no. I've never seen an AP that can report the direction/distance a client is. There are authentication mechanisms that can be added to wireless networks, but I assume you want to keep the AP public, otherwise you would have already taken that route.

The browser will send a User-Agent string that gives varying information depending on the browser used, but like the MAC this can be changed. The OS used can be identified by its IP fingerprint. If you've got access to the machine in question, you could install something on it that will identify it on the network.

Reply to
alexd

Thank you for the reply. Can you comment further on what "IP fingerprint" is and how it is manifested and detected?

alexd wrote in news: snipped-for-privacy@ale.cx:

Reply to
MikeS

Look at the source code for nmap, and look at the output of

nmap -O your.ip.address

Reply to
Mark McIntyre

[compton ~]$ whatis nmap p0f nmap (1) - Network exploration tool and security scanner p0f (1) - identify remote systems passively [compton ~]$

The documentation that comes with p0f - specifically the README file, gives quite a lot of information. "Fyodor" (author of nmap) also has written extensively on the subject, as well as mechanisms to make such fingerprinting difficult. Of course, you _could_ try using a search engine:

Results 1 - 10 of about 1,670,000 for IP fingerprinting. (0.23 seconds)

and one of those results is

formatting link
Old guy

Reply to
Moe Trin

Further to the other suggestions, 'ntop' will attempt IP fingerprinting [amongst other things] and give you a pretty web interface to look at the results in, but it would require quite a bit of work to get it up and running.

Reply to
alexd

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.